• USB-flashdrives contain unfixable security holes - exploitable sample codes out and about
    53 replies, posted
[thumb]http://www.sweclockers.com/image/red/2013/05/02/IMG_6187.jpg?t=paneBanner&k=aa3d194a[/thumb] [quote][B] The threat from the "unfixable" security-weakness "Bad USB" is growing. Now sample source codes have been released, which anyone with even amateur-level programming knowledge can use to create very malicious, and extremely hard to detect USB flashdrives.[/B] During the hacker convention BlackHat 2014, which was held in Las Vegas in August, the German computer-security scientist Karsten Nohl presented a newly found discovery of his, a discovery that endangers the entire USB-standard. Seeing as there's no mechanism in place to verify the integrity of, for example, the firmware of a USB-flashdrive, it's possible for someone with malicious intent to, quite easily, replace or reprogram the firmware. This could result in extremely hard to detect "bad" USB-devices that either damage or otherwise manipulate the software of the host machine, or conduct espionage on it. A potential attacker could, for instance, program a flashdrive to inject code on-the-fly, or they could spy on network traffic by making the drive seem like a network controller to the rest of the system, or they could in fact take control of the system by making the drive seem like a keyboard. To make things worse, the weakness itself, called "Bad USB", is directly related to how the USB-standard in itself functions, and is thus impossible to fix without designing new protocols and devices. Due to the potential harm that people could cause by gaining access to the knowledge, Karsten Nohl decided to keep the exact details to himself. This caused many to come to the conclusion that figuring it out would require massive resources, and something which only the GCHQ or the NSA would be able to pull off. Some of Karsten's colleagues, Adam Caudill and Brandon Wilson, disagree with his decision, however.
"[I]If the only people who can do this are those with significant budgets, the manufacturers will never do anything about it. You have to prove to the world that it’s practical, that anyone can do it… That puts pressure on the manufacturers to fix the real issue.[/I]" Due to this, they've now released fully functional sample codes on GitHub, which anyone can use to reprogram a USB-flashdrive, as long as the device in question uses a control-circuit designed by the Taiwanese company Phison - who happens to be the biggest designer and manufacturer of USB-controllers and circuits. "[I]People look at these things and see them as nothing more than storage devices. They don’t realize there’s a reprogrammable computer in their hands.[/I]" The code can be used to reprogram flashdrives to become malicious, to then use them to conduct full-fledged attacks, for example by imitating input, or to, silently, remove password-protections stored in RAM. Seeing as the malicious software is stored in the firmware of the drive, it's very hard to detect, and also won't get removed by a format. [/quote] Source: [url]http://www.sweclockers.com/nyhet/19420-usb-enheter-innehaller-orattbart-sakerhetshal-exempelkod-ute-i-det-vilda[/url]
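Added example, not part of the original post or of the code released on GitHub: the article says a reprogrammed drive can present itself as a keyboard or a network controller, which on the host shows up as extra USB interface classes, so a defender can audit what each attached device declares. The device records and the approved list below are constructed; the class codes are the standard USB base classes.

```python
# Added example: audit declared USB interface classes (bInterfaceClass).
# All device records below are constructed sample data, not real captures.

HID, CDC, STORAGE, CDC_DATA, WIRELESS = 0x03, 0x02, 0x08, 0x0A, 0xE0
CLASS_NAMES = {
    HID: "HID (keyboard/mouse/gamepad)",
    CDC: "communications/network (CDC)",
    CDC_DATA: "CDC data",
    WIRELESS: "wireless controller",
}
# Input or network functions a plain flash drive has no reason to expose.
INPUT_OR_NETWORK = set(CLASS_NAMES)


def audit(devices, approved=frozenset()):
    """Return {device_id: [reasons]} for devices that deserve a closer look.

    devices:  {device_id: [bInterfaceClass, ...]} as reported by the OS.
    approved: ids of keyboards, mice and adapters the admin expects to see.
    """
    findings = {}
    for dev_id, classes in devices.items():
        risky = sorted(set(classes) & INPUT_OR_NETWORK)
        if STORAGE in classes:
            # A storage device that also types or networks is the red flag.
            reasons = [f"storage device also exposes {CLASS_NAMES[c]}" for c in risky]
        elif dev_id not in approved:
            reasons = [f"unapproved device exposes {CLASS_NAMES[c]}" for c in risky]
        else:
            reasons = []
        if reasons:
            findings[dev_id] = reasons
    return findings


# Constructed inventory: hypothetical port labels mapped to interface classes.
SAMPLE = {
    "port1 (desk keyboard)": [HID, HID],
    "port2 (plain flash drive)": [STORAGE],
    "port3 (drive + keyboard)": [STORAGE, HID],
    "port4 (new network adapter)": [CDC, CDC_DATA],
}
APPROVED = {"port1 (desk keyboard)"}

if __name__ == "__main__":
    for dev, reasons in audit(SAMPLE, APPROVED).items():
        print(dev, "->", "; ".join(reasons))
```

On Linux the class values can be read from the bInterfaceClass files under /sys/bus/usb/devices/. A device that declares only a keyboard interface is caught here only through the approved list, since its descriptors look like any other keyboard's.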
Reading this, it can create a new wave of cheats, it seems, if it's undetectable as they point out, or at least very hard to detect.
I think we all know what this means. RS232 flash drives are back in style.
And people called me crazy for keeping my Floppy disks. Now who's the crazy one eh? Plus without floppies, how else would I play Taco Bell's Jumping Bean Jamboree?
Um hello [url]https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe?variant=353378649[/url] This has existed for idk how long now..
[QUOTE=mobrockers;46143255]Um hello [url]https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe?variant=353378649[/url] This has existed for idk how long now..[/QUOTE] I have two of them. Fun stuff.
The good part is, the attack can only do what USB devices can normally do anyways. The bad part is, USB devices can do shitloads of stuff. You could emulate a USB Ethernet network controller, make up a network, and start trying to exploit through that, and the host machine's OS could be in a locked state while you do that.
[QUOTE=mobrockers;46143255]Um hello [url]https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe?variant=353378649[/url] This has existed for idk how long now..[/QUOTE] Yes, but that is a drive specifically designed for that purpose. The thing in the article is something that affects every single flashdrive currently in existence.
Pretend to be a game controller. Once, every four minutes, push the right stick in the left direction once for half a second. Imagine how maddening that would be while trying to play basically anything, but FPS games in particular.
[QUOTE=GunFox;46143425]Pretend to be a game controller. Once, every four minutes, push the right stick in the left direction once for half a second. Imagine how maddening that would be while trying to play basically anything, but FPS games in particular.[/QUOTE] Gaping security hole that allows any Virus to maliciously reprogram any USB flash memory put into a PC which enables these to bypass anti-virus software and spread to "off-the-grid" PCs and the one thing you think and decide to post about is ...computer games.
So, don't buy off-brand / used USB's? Right?
[QUOTE=Mr. Someguy;46143460]So, don't buy off-brand / used USB's? Right?[/QUOTE] All USB controllers produced until today and probably quite a few months into the future have the security hole.
Wait so every USB ever is obsolete now?
[quote][...] or to, silently, remove password-protections stored in RAM[/quote] Wait what? Since when do USB devices have access to host RAM? I know FireWire does that and it's a ridiculously bad idea, but USB? Apart from that this is pretty harmless, just lets you do movie-style hacks by plugging in the flash drive and having a bunch of code pouring into a console window on screen. [editline]3rd October 2014[/editline] This is cool though, essentially gives programmable chip devices to everyone for a few cents. (I think if you hook it up to a charger and splice the cable you should be able to control some stuff with it.)
[QUOTE=mobrockers;46143255]Um hello [url]https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe?variant=353378649[/url] This has existed for idk how long now..[/QUOTE] [quote]Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive. Once infected, computers and their USB peripherals can never be trusted again.[/quote] Well, that's just terrifying. Amateur-level programming, though? It sounds kind of fun to make joke USB drives that just do something annoying while they're connected. I don't know how many lists I'd be on by googling "badusb programming tutorial" though.
There are samples and the program used to connect to the device is written in C#, shouldn't be difficult to modify. That said, the documentation of the device is severely lacking.
thanks to cloud storage I don't remember the last time I used a usb drive
[QUOTE=Amiga OS;46143726]You are right, USB doesn't have DMA, Thunderbolt does though.[/QUOTE] What a great design choice.
[QUOTE=GunFox;46143425]Pretend to be a game controller. Once, every four minutes, push the right stick in the left direction once for half a second. Imagine how maddening that would be while trying to play basically anything, but FPS games in particular.[/QUOTE] The hackers are way ahead of you, mine have been doing this for 2 years now
[QUOTE=elitehakor;46143706]thanks to cloud storage I don't remember the last time I used a usb drive[/QUOTE] because cloud storage is the epitome of security when it comes to data storage
Well guess I'm never using a USB drive then.
that's not a problem because, why would you do something like that? no one would ever be enough of a dick to do such a thing? how much of an asshole does it take? you'd have to be a really REALLY huge cunt to do something like that and we're all good people who don't want bad things to happen, right? right? RIGHT? [B]RIGHT?[/B]
[QUOTE=Amiga OS;46143753]Thunderbolt is literally external PCIe, it kind of needs it. Devices on a Thunderbolt bus are mapped to system memory just like any PCI card.[/QUOTE] External PCIe is a shit idea. May as well just have a nice big sign saying: "fuck shit up here!" painted above it with flashing neon lights and carnival music to draw a crowd.
Watch the BlackHat presentation for demos of what happens: [video=youtube;nuruzFqMgIw]http://www.youtube.com/watch?v=nuruzFqMgIw[/video]
What's the chance that a store-bought USB is infected with malicious code though? I could understand code for spying maybe.
[QUOTE=G-Strogg;46144026]What's the chance that a store-bought USB is infected with malicious code though? I could understand code for spying maybe.[/QUOTE] Not that low, actually. Once in a while there's a shipment of infected computers so it's not unreasonable to assume the same could happen with flash drives.
[QUOTE=Killuah;46143458]Gaping security hole that allows any Virus to maliciously reprogram any USB flash memory put into a PC which enables these to bypass anti-virus software and spread to "off-the-grid" PCs and the one thing you think and decide to post about is ...computer games.[/QUOTE] The truly malicious applications are obvious. The entertaining applications are much more fun to consider. [editline]3rd October 2014[/editline] [QUOTE=synthiac;46143462]Or you could just use a laser mouse.[/QUOTE] Most games now will accept inputs from both. They will have keybindings set up for both a controller and a keyboard + mouse. So you'd be using a mouse while the drive was emulating a controller. The game would likely accept both without skipping a beat. As other people have said, if you have a joystick that you keep attached to your machine, it can do this accidentally.
So if you can entirely control the keyboard and I would assume the mouse through USB, could you make a USB device that opens Visual Studio, writes a program, compiles it or whatever, and then runs it? I'd imagine that this exploit would make something like that redundant, but it's still amusing to picture.
Maybe you could use this to hack USB webcams and create your own informal version of MFC.
[QUOTE=Killuah;46143458]Gaping security hole that allows any Virus to maliciously reprogram any USB flash memory put into a PC which enables these to bypass anti-virus software and spread to "off-the-grid" PCs and the one thing you think and decide to post about is ...computer games.[/QUOTE] Talking about white/grey hat viruses is fun [media]http://www.youtube.com/watch?v=VEKDxplHsU0[/media] [media]http://www.youtube.com/watch?v=i9qcv4OAx74[/media]